Last week, millions of WordPress accounts and websites were targeted in a major cyber attack aimed at obtaining credentials and other sensitive data.
The hackers behind the attack were attempting to access a specific file on WordPress websites called wp-config.php, as it contains crucial information such as database passwords, contact info, unique authentication keys, salts, and more.
They tried to exploit weaknesses in WordPress plugins and themes, such as cross-site scripting (XSS), to gain access to credentials and ultimately take over the websites completely. However, QA engineer and threat analyst Ram Gall explained in a blog post how, thanks to the Wordfence Firewall, the attackers failed to do so.
Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 million sites by downloading their configuration files. The peak of this attack campaign occurred on May 30, 2020. At this point, attacks from this campaign accounted for 75% of all attempted exploits of plugin and theme vulnerabilities across the WordPress ecosystem.
Wordfence’s security researchers were able to link this attack to a previous one, in which hackers using 20,000 different IP addresses tried to install backdoors and redirect users to malicious websites. They launched almost 20 million attacks on more than a hundred thousand websites.
As with every other hacking case, WordPress site owners can protect their platforms by applying the latest patches released by creators to keep their plugins and themes up-to-date. Outdated themes and plugins should also be removed, because they are no longer maintained in the interests of security.
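To check whether a site was probed for its configuration file, the following added example (not code from Wordfence or the original article) scans web server access logs in combined log format for requests whose URL references wp-config.php, including URL-encoded forms. The log lines, IP addresses, plugin path and parameter names are constructed samples.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Combined log format: ip ident user [time] "METHOD uri PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')
TARGET = "wp-config.php"

def fully_decode(uri, max_rounds=3):
    """Undo repeated URL encoding (e.g. %252e) so encoded requests still match."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def find_config_probes(lines):
    """Return (hits, per_ip): requests referencing wp-config.php and counts per source IP."""
    hits, per_ip = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, _method, uri, status, size = m.groups()
        if TARGET in fully_decode(uri).lower():
            # A 200 with a non-empty body means something was served: review it.
            served = status == "200" and size not in ("-", "0")
            hits.append({"ip": ip, "uri": uri, "status": int(status), "served": served})
            per_ip[ip] += 1
    return hits, per_ip

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [30/May/2020:10:01:02 +0000] "GET /wp-content/plugins/example-plugin/download.php?file=../../../wp-config.php HTTP/1.1" 403 512 "-" "-"',
    '203.0.113.7 - - [30/May/2020:10:01:03 +0000] "GET /?path=..%252f..%252fwp-config%252ephp HTTP/1.1" 200 3120 "-" "-"',
    '198.51.100.20 - - [30/May/2020:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "-"',
    '192.0.2.9 - - [30/May/2020:10:03:00 +0000] "GET /wp-content/themes/example-theme/style.css HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    hits, per_ip = find_config_probes(SAMPLE_LOG)
    for h in hits:
        print(h["ip"], h["status"], "REVIEW" if h["served"] else "blocked/failed", h["uri"])
    print("Requests per source IP:", dict(per_ip))
```

A hit marked as served is a lead to investigate rather than proof of disclosure, since a 200 response may be an unrelated page.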